A recent security breach in TeleMessage, a provider of modified encrypted messaging apps like Signal, Telegram, and WhatsApp, has resulted in the extraction of archived messages and other sensitive data belonging to U.S. government officials and companies, as reported by 404 Media.
The spotlight fell on TeleMessage last week when it was revealed that former U.S. National Security Adviser Mike Waltz was using their modified version of Signal. TeleMessage, based in Israel and owned by Smarsh, offers a service to archive messages, including voice notes, from encrypted apps.
Fortunately, the messages of cabinet members and Waltz were not compromised, according to 404 Media. However, the hacker was able to access the contents of messages, contact details of government officials, backend login credentials for TeleMessage, and more. Data from entities such as the U.S. Customs and Border Protection, Coinbase, and Scotiabank was also extracted in the breach.
The breach exposed that the archived chat logs are not end-to-end encrypted between TeleMessage’s modded Signal app and where the messages are stored, as reported by 404 Media.
Requests for comment from Smarsh, Signal, U.S. Customs and Border Protection, Coinbase, and Scotiabank have not yet been answered.
